| 1.1.5 Ensure 'Password Policy' is enabled - lifetime | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.2.2 Ensure 'Host Name' is set | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.2.3 Ensure 'Failover' is enabled | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.2.4 Ensure 'Unused Interfaces' is disable | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.3.2 Ensure 'Image Authenticity' is correct | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | SYSTEM AND INFORMATION INTEGRITY |
| 1.4.3.5 Ensure 'aaa authentication ssh console' is configured correctly | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | ACCESS CONTROL |
| 1.4.4.2 Ensure 'aaa authorization exec' is configured correctly | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | ACCESS CONTROL |
| 1.4.5.3 Ensure 'aaa accounting for Serial console' is configured correctly | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.5.1 Ensure 'ASDM banner' is set | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | AWARENESS AND TRAINING |
| 1.5.2 Ensure 'EXEC banner' is set | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | AWARENESS AND TRAINING |
| 1.6.2 Ensure 'SSH version 2' is enabled | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | SYSTEM AND COMMUNICATIONS PROTECTION |
| 1.8.1 Ensure 'console session timeout' is less than or equal to '5' minutes | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.8.1 Ensure 'console session timeout' is less than or equal to '5' minutes | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.9.1.2 Ensure 'NTP authentication key' is configured correctly | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 1.10.1 Ensure 'logging' is enabled | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | AUDIT AND ACCOUNTABILITY |
| 1.11.4 Ensure 'SNMP traps' is enabled - coldstart | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 1.11.5 Ensure 'SNMP community string' is not the default string | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | IDENTIFICATION AND AUTHENTICATION |
| 2.1.3 Ensure 'EIGRP authentication' is enabled | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 2.2 Ensure 'noproxyarp' is enabled for untrusted interfaces | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 3.7 Ensure 'ip verify' is set to 'reverse-path' for untrusted interfaces | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 3.8 Ensure 'security-level' is set to '0' for Internet-facing interface | CIS Cisco Firewall v8.x L1 v4.2.0 | Cisco | ACCESS CONTROL |
| 3.11 Ensure Java applet filtering is enabled | CIS Cisco Firewall ASA 9 L1 v4.1.0 | Cisco | CONFIGURATION MANAGEMENT |
| 5.4.6 Ensure no accounts are configured with blank or null passwords - password-auth | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 5.4.6 Ensure no accounts are configured with blank or null passwords - system-auth | CIS Red Hat Enterprise Linux 7 STIG v2.0.0 STIG | Unix | CONFIGURATION MANAGEMENT |
| 5.15 Do not share the host's process namespace | CIS Docker 1.13.0 v1.0.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| 5.15 Ensure the host's process namespace is not shared | CIS Docker Community Edition v1.1.0 L1 Docker | Unix | SYSTEM AND COMMUNICATIONS PROTECTION |
| AMLS-NM-000360 - The Arista Multilayer Switch must generate audit records for privileged activities or other system-level access - aaa exec | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | AUDIT AND ACCOUNTABILITY |
| AMLS-NM-000360 - The Arista Multilayer Switch must generate audit records for privileged activities or other system-level access - aaa system | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | AUDIT AND ACCOUNTABILITY |
| AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - aaa commands all start-stop | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | CONFIGURATION MANAGEMENT |
| AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - aaa exec default start-stop | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | CONFIGURATION MANAGEMENT |
| AMLS-NM-000430 - The Arista Multilayer Switch must employ AAA service to centrally manage authentication settings - aaa system default start-stop | DISA STIG Arista MLS DCS-7000 Series NDM v1r4 | Arista | CONFIGURATION MANAGEMENT |
| ESXI-65-000050 - The ESXi host must protect the confidentiality and integrity of transmitted information by protecting IP based management traffic. | DISA STIG VMware vSphere ESXi 6.5 v2r4 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| ESXI-67-000050 - The ESXi host must protect the confidentiality and integrity of transmitted information by isolating IP-based storage traffic. | DISA STIG VMware vSphere 6.7 ESXi v1r3 | VMware | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUEX-NM-000060 - The Juniper EX switch must be configured to assign appropriate user roles or access levels to authenticated users. | DISA Juniper EX Series Network Device Management v2r2 | Juniper | ACCESS CONTROL |
| JUEX-NM-000140 - The Juniper EX switch must be configured to produce audit records containing information to establish where the events occurred. | DISA Juniper EX Series Network Device Management v2r2 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUEX-NM-000220 - The Juniper EX switch must be configured to limit privileges to change the software resident within software libraries. | DISA Juniper EX Series Network Device Management v2r2 | Juniper | CONFIGURATION MANAGEMENT |
| JUEX-NM-000430 - The Juniper EX switch must be configured to synchronize internal information system clocks using redundant authoritative time sources. | DISA Juniper EX Series Network Device Management v2r2 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUEX-NM-000570 - The Juniper EX switch must be configured to generate audit records for privileged activities or other system-level access. | DISA Juniper EX Series Network Device Management v2r2 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUEX-NM-000590 - The Juniper EX switch must be configured to generate audit records when concurrent logons from different workstations occur. | DISA Juniper EX Series Network Device Management v2r2 | Juniper | AUDIT AND ACCOUNTABILITY |
| JUEX-NM-000630 - The Juniper EX switch must be configured to enforce access restrictions associated with changes to the system components. | DISA Juniper EX Series Network Device Management v2r2 | Juniper | CONFIGURATION MANAGEMENT |
| JUEX-NM-000680 - The Juniper EX switch must be configured with an operating system release that is currently supported by the vendor. | DISA Juniper EX Series Network Device Management v2r2 | Juniper | CONFIGURATION MANAGEMENT |
| JUNI-RT-000387 - The Juniper perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - dstops | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000387 - The Juniper perimeter router must be configured to drop IPv6 packets containing a Hop-by-Hop or Destination Option extension header with an undefined option type - hop-by-hop | DISA STIG Juniper Router RTR v3r2 | Juniper | SYSTEM AND COMMUNICATIONS PROTECTION |
| JUNI-RT-000660 - The Juniper PE router providing Virtual Private LAN Services (VPLS) must be configured to have all attachment circuits defined to the routing instance with the globally unique VPLS ID assigned for each customer VLAN. | DISA STIG Juniper Router RTR v3r2 | Juniper | CONTINGENCY PLANNING |
| MYS8-00-005100 - If passwords are used for authentication, the MySQL Database Server 8.0 must store only hashed, salted representations of passwords. | DISA Oracle MySQL 8.0 v2r2 DB | MySQLDB | IDENTIFICATION AND AUTHENTICATION |
| PANW-IP-000010 - In the event of a logging failure caused by the lack of audit record storage capacity, the Palo Alto Networks security platform must continue generating and storing audit records if possible, overwriting the oldest audit records in a first-in-first-out manner. | DISA STIG Palo Alto IDPS v3r1 | Palo_Alto | AUDIT AND ACCOUNTABILITY |
| SQL4-00-031900 - When supporting applications that require security labeling of data, SQL Server must associate organization-defined types of security labels having organization-defined security label values with information in storage. | DISA STIG SQL Server 2014 Database Audit v1r7 | MS_SQLDB | ACCESS CONTROL |
| VCWN-65-000052 - The vCenter Server for Windows must protect the confidentiality and integrity of transmitted information by isolating IP-based storage traffic. | DISA STIG VMware vSphere vCenter 6.5 v2r3 | VMware | CONFIGURATION MANAGEMENT |
| WN10-UR-000090 - The Deny log on through Remote Desktop Services user right on Windows 10 workstations must at a minimum be configured to prevent access from highly privileged domain accounts and local accounts on domain systems and unauthenticated access on all systems. | DISA Microsoft Windows 10 STIG v3r4 | Windows | ACCESS CONTROL |
| WN11-UR-000090 - The 'Deny log on through Remote Desktop Services' user right on Windows 11 workstations must be configured to prevent access from highly privileged domain accounts and local accounts on domain systems and unauthenticated access on all systems. | DISA Microsoft Windows 11 STIG v2r3 | Windows | ACCESS CONTROL |
